Phishers Divert Targets to Hotel Websites from Banks & Ecommerce Outlets

According to a team of security experts at FraudTip, phishers have added a new attack in their kitty to deceive hotel customers instead of targeting banking sites.

The security company in its report revealed that people wanted to book rooms online at several hotel chains were more vulnerable to be redirected to bogus websites resembling almost to the originals.

The report also highlighted that the scam was targeted against a large number of hotel chains. Over 71,000 travelers are redirected to bogus websites every month, said FraudTip.

Moreover, the report findings were released on February 6, 2009 and showed that online scams combined with advanced online advertising, Internet browser crimeware, bogus hotel locators and third party reservation used to divert hotel guest traffic to fake websites of well-known hotel chains.

The scam hit hardest to Days Inn, Super 8 Motels and Ramada operated by Wyndham Worldwide, the world's largest hotel chain located in Parsippany, New Jersey [US]. More than 50,000 tourists trying to book rooms in these hotels are diverted to bogus sites every month.

Besides Wyndham Worldwide, nearly 15,862 prospective guests of Comfort Inn controlled by Choice Hotels International situated in Silver Spring, Maryland (US) are redirected to fake websites. Chicago (US)-based Hyatt Hotels have become victim of the same scam.

The report also disclosed that teens, females as well as adults 50+ were coming at higher percentage than average on these fraudulent websites. Moreover, African American visitors are visiting these websites at more than average percentage. High index post graduates and graduates and affluent audience are increasingly coming to fake hotel websites.

Security experts reckon that the attack is clearly a phishing scam but the only difference is visitors redirected to fake hotel websites instead of ecommerce outlets and banks. It is possible that search engine trickery has been used to raise the ranking of websites on popular search engine.

Roger Thompson, Chief of Research, AVG, said that this attack incorporate all hallmarks of a phishing attack, but didn't include any malware, as reported by TheRegister on February 5, 2009.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 2/19/2009